US20220417223A1 - Managing Communication Of Sensitive Information - Google Patents
- Publication number
- US20220417223A1 (application US 17/640,515)
- Authority
- US
- United States
- Prior art keywords
- server
- sensitive information
- computer
- user
- user device
- Prior art date
- Legal status (Google's assumed status, not a legal conclusion)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0207—Discounts or incentives, e.g. coupons or rebates
- G06Q30/0226—Incentive systems for frequent usage, e.g. frequent flyer miles programs or point systems
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0414—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/387—Payment using discounts or coupons
Definitions
- the present application relates to managing communications of a networked system and, more specifically, to a server computer and a method for managing the transfer of sensitive information between multiple entities within such a system.
- Typical transaction systems that are part of such payment networks allow a user to make a payment using a payment card or a computing device by obtaining information from the card or device and communicating details of the transaction and the obtained information to an entity within the system, such as a payment service provider, for further processing.
- Certain transaction systems comprise a third party, with which the user has an account and to which communications regarding the transaction are exchanged in order to update a status of the user's account based on the details of the transaction.
- a computer implemented method comprising: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information.
- the first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.
- a server computer comprising: a processor; and a computer readable medium configured to store executable instructions, wherein the server computer is configured to communicate with a user device and a second server computer, and the processor is configured to execute the stored executable instructions to: receive, from the second server computer via a first communication channel, first sensitive information relating to a user having an account with the second server; receive, from the user device, second sensitive data associated with the user, wherein the second sensitive information is different to the first sensitive information; receive, from the user device via a second, different communication channel, second sensitive information via the data entry page; and associate the first sensitive information with the second sensitive information.
- a system comprising a client computer, a first server and a second server, wherein the first server is configured to: interact with the second server and the client computer via respective data transfer channels; receive, from the second server via the respective data transfer channel, first sensitive information relating to a user having an account with the second server and associated with the client computer; provide a data entry page accessible by the client computer; receive, from the client computer via the respective data transfer channel, second sensitive information associated with the user via the data entry page, wherein the second sensitive information is different to the first sensitive information; and link the first sensitive information with the second sensitive information; wherein the client computer is configured to: access the data entry page to allow the user to input the second sensitive information into the data entry page; and provide the second sensitive information to the first server via the respective data transfer channel; wherein the second server is configured to: identify the account of the user; retrieve the first sensitive information relating to the user using the identified account; and send the first sensitive information to the first server via the respective data transfer channel.
- FIG. 1 is a schematic diagram of a transaction system, according to an example.
- FIG. 2 is a schematic diagram of a first server computer, according to an example.
- FIG. 3 is a schematic diagram of the transaction system of FIG. 1 , according to an example.
- FIG. 4 is a schematic diagram of the transaction system of FIG. 1 , according to an example.
- FIG. 5 is a schematic diagram of a user device, according to an example.
- FIG. 6 is a schematic diagram of a transaction system, according to an example.
- FIG. 7 is a schematic representation of a database stored by a first server computer, according to an example.
- FIG. 1 shows a transaction system 100 to which embodiments described herein have particular applications.
- the transaction system 100 comprises a first server computer 110 , a second server computer 120 and a user device 130 .
- the first server computer 110 and the second server computer 120 communicate via a first communication channel 210 .
- the first server computer 110 and the user device 130 communicate via a second communication channel 220 .
- the first server computer 110 and the second server computer 120 may receive, process, and maintain information relating to a user of the user device 130 and any transactions carried out using the same.
- the first and second communication channels 210 , 220 may be communication channels across a network, such as the Internet or a private network.
- the user device 130 may be a client computer associated with a user, a portable electronic device, such as a smartphone, a smartwatch, a wearable device, or a tablet computer.
- the user device 130 may execute a software application, such as an electronic mobile wallet application storing payment data relating to the user that enables the user to carry out transactions using the device.
- FIG. 2 shows the first server computer 110 to which embodiments described herein have particular applications.
- the first server computer 110 comprises a communication interface 111 , a memory 112 , and a processor 113 .
- the communication interface 111 receives and transmits communications via the first and second communication channels 210 and 220 ( FIG. 1 ) to thereby interact with the second server computer 120 and the user device 130 .
- the communication interface 111 is coupled to the memory 112 and the processor 113 and forwards any received communications to the processor 113 via an internal bus (not shown).
- the memory 112 is coupled to the processor 113 and stores computer readable instructions 114 that are executable by the processor 113 to cause the first server computer 110 to perform one or more processes.
- the processor 113 may execute computer-readable instructions of one or more software applications.
- a user associated with the user device 130 may have an account with the second server computer 120 .
- the second server computer 120 may provide a service to the user and maintain a record for the user, where the record contains sensitive information relating to the user.
- the sensitive information may be a user's name, address, date of birth, account identifier, and historical transaction data.
- a user associated with the user device 130 may have one or more other accounts with the first server computer 110 .
- the first server computer 110 may host services that are accessible by the user device 130 and maintain a record per service for the user, where the record contains sensitive information relating to the user.
- the sensitive information may be payment information comprising payment card details (such as a primary account number (PAN), a card identifier, digits from a card number and a card security code), payment account details of the user (such as a bank name and an account number), and historical payment data for the user.
- the system 100 may perform a data linking process for the user using the first and second communication channels 210 , 220 , described in more detail in relation to FIG. 3 below.
- an association may be defined between different sensitive information of the user, originating from different sources, which can be utilized by other processes, described in more detail in relation to FIG. 6 .
- FIG. 3 shows the system 100 of FIG. 1 and a flow of communications exchanged between the component parts of the system 100 as part of a data linking process, according to an example.
- the first server computer 110 receives a first message M 1 containing first sensitive information from the second server computer 120 .
- the first sensitive information relates to a user who has an account with the second server computer 120 .
- the first server computer 110 receives a second message M 2 containing second sensitive information from the user device 130 .
- the second sensitive information is received via a data entry page hosted by the first server computer 110 and is communicated to the first server computer 110 .
- the data entry page is configured to receive second sensitive data associated with the user.
- the second sensitive information is different to the first sensitive information.
- the first server computer 110 may validate the second sensitive information before the second sensitive information is associated with the first sensitive information.
- step S 301 may be triggered by the user device 130 accessing a webpage hosted by the second server computer 120 , for example, accessing a user account as a result of a user interacting with the user device 130 and navigating to their account using a web browser on the device 130 .
- step S 301 may also be triggered without user involvement, for example, by the user device 130 connecting to a network associated with the second server computer 120 , for example, a Wi-Fi network.
- the first server computer 110 associates the first sensitive information with the second sensitive information within a database ( FIG. 7 ) that the first server computer 110 maintains.
- the association of the first and second sensitive information may take any of the following forms: storing the first and second information with the same user identifier; storing both the first and second information within a single record maintained by the first server computer 110 and associated with the user; or storing the first and second sensitive information in separate records that include a pointer to one another.
- any future access request specifying a common user identifier, or identifying one of the first and second sensitive information, such as a read request, to the or each record could result in retrieval, or at least identification, of both the first and the second sensitive information.
- the process described in relation to FIG. 3 may be repeated in order to link further sensitive information with the first sensitive information in a many-to-one relationship.
- the use of the different communication channels for sending respective sensitive information enables the different sensitive information to be securely received at a single location, first server computer 110 , from different sources: in this example the second server computer 120 and the user device 130 .
- the first sensitive information is communicated directly to the first server computer 110 from the second server computer 120 and is not shared with the user device 130 , and the second sensitive information is communicated directly to the first server computer 110 from the user device 130 and is not shared with the second server computer 120 . Consequently, the number of separate communications containing sensitive information is reduced compared to a system that does not have two different and direct communication channels between a source of information and a target for the information. This increases the security and the efficiency of the system 100 .
- association between the first and second sensitive information and the direct communication between the first and second server computer 110 , 120 increases the efficiency of a process carried out by the second server computer 120 using the first sensitive information because the process is automatically initiated by another process carried out by the first server computer 110 using the second sensitive information, and vice versa.
- association means there is no need to provide the first or second sensitive information to the first server computer 110 in order to initiate any subsequent processes using the respective information because the first server already stores the association and the first and second sensitive information.
- the direct communication 210 between the second server computer 120 and the first server computer 110 has the effect that the user device 130 is not involved in generating the first sensitive information or providing the first sensitive information to the first server computer 110 .
- the user device is not involved with the first sensitive information, which: (i) eliminates the risk of erroneous input of the information at the user device 130 (so increases the reliability of the information); and (ii) avoids storing the first sensitive information on the user device 130 , where, for example, a browser operating on the user device 130 may retain such sensitive information within a browser history or web log, which are considered to be insecure.
- the number of communications containing the first sensitive information is reduced, thus reducing the risk of interception of the first sensitive information.
- FIG. 4 shows the system 100 of FIG. 1 and a flow of communications between the component parts of the system 100 , according to an example.
- FIG. 4 provides further detail to the example of FIG. 3 .
- the first server computer 110 receives a first message M 11 comprising first sensitive information from the second server computer 120 , where the first sensitive information relates to a user having an account with the second server computer 120 .
- the second server computer 120 maintains a database comprising information relating to a plurality of users. Each of the users may have an account, such as an online account, with the second server computer 120 , whereby the user has previously provided particular information to the second server computer 120 and is provided with a service, where the provided information is stored within a record of the database corresponding to their account.
- the second server computer 120 may store information relating to each user in corresponding record(s) of the database to facilitate access to an account of a user to obtain first sensitive information.
- the second server computer 120 may search its database using an identifier associated with a user in order to locate corresponding account information.
- the user device 130 may provide the identifier to the second server computer 120 .
- the message M 11 also contains a re-direct URL, generated by the second server computer 120 , and to be forwarded to the user device at a later point in time (step S 406 ).
- the first server computer 110 generates and transmits a second message M 12 comprising a session identifier to the second server computer 120 .
- the second message M 12 may be embedded within a first token.
- the first token may be used as a replacement or substitute for the session identifier.
- the second server computer 120 generates a third message M 13 that forwards the session identifier and a URL for a data entry page associated with the session identifier to the user device 130 .
- the URL is generated by the second server computer 120 and is specific to the user of the user device 130 to allow the second server computer 120 to identify which user is the subject of any communication sent to the URL.
- the second server computer 120 may use the first token to provide the session identifier to the user device 130 .
- the session identifier may be embedded within or appended to the first token.
- the URL and the session identifier enable the user device to access the corresponding data entry page hosted by the first server computer 110 and to provide second sensitive information to the first server computer 110 via the data entry page.
- the first server computer 110 may serve, for example, a web data entry page to a browser on the user device 130 , included in a fourth message M 14 .
- the data entry page is opened as an iFrame within the browser.
- the first server computer 110 transmits a second token with the data entry page, where the first and second tokens are different. The second token may be used to submit data into the data entry page.
- the first and second tokens provide another way of verifying the integrity of received data and thus enable an intercepted communication to be more easily identified if the token has been modified.
- the first and second tokens may be JSON web tokens (JWT) that are one-time use tokens and locked to a particular resource, which, in the example of FIG. 4 , is the session identifier for the first token and is the submitted data for the second token.
- a JWT may be present in the header of an HTTPS request between the respective entities of the system 100 and used to verify the source of the data or message that the JWT accompanies.
- the JWT is generated using an asymmetric algorithm, such as the RSA 256 algorithm.
- the first server computer 110 receives a fifth message M 15 that comprises the second token comprising the session identifier and the second sensitive information from the user device 130 via the data entry page.
- the session identifier provides a way for the user device 130 to identify to the first server computer 110 that the second sensitive information is sent by the user device 130 .
- the first server computer 110 validates the second sensitive information, by, in some examples, forwarding the second sensitive information to an account validating entity.
- the first server computer 110 associates the second sensitive information with the first sensitive information.
- the first server computer 110 provides the re-direct URL to the user device 130 in a seventh message M 17 .
- the re-direct URL causes the browser of the user device 130 to automatically access a webpage associated with the second server computer 120 and identified by the re-direct URL.
- the process described in relation to FIG. 4 may be repeated with other server computers in direct communication with the first server computer 110 so that the first server computer 110 links other sensitive information received from the respective other servers with the second sensitive information.
- the second sensitive information may be linked with information provided by multiple sources and thus be in a many-to-one relationship. Consequently, an access request for the second sensitive information submitted to a database of the first server computer 110 could return some or all sensitive information previously associated with the second sensitive information by the first server computer 110 .
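The M 11 to M 17 exchange of FIG. 4 , as an added example that is not the patent's own code. Class names, field names and the message dictionaries are assumptions. The tokens are signed with HMAC-SHA256 (HS256) rather than the RSA-based algorithm the text names, so the example runs on the Python standard library alone; the checks the first server applies (signature, one-time use, token locked to a particular resource, submission only after the page was served) are the same in either case. A Luhn check stands in for the "account validating entity".

```python
# Added example, not the patent's own code: a minimal model of the FIG. 4
# data-linking exchange (M11..M17). Class and field names are assumptions.
# Tokens use HMAC-SHA256 (HS256) instead of the RSA-based algorithm the text
# names, so this runs on the standard library alone.
import base64, hashlib, hmac, json, secrets


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class FirstServer:
    """Payment-side server: issues the tokens, hosts the data entry page, stores the link."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # assumed per-server signing key
        self.sessions = {}                   # session id -> {first_info, redirect, state}
        self.used_tokens = set()             # one-time use: every accepted token is remembered
        self.records = {}                    # session id -> linked first/second information

    def _sign(self, claims: dict) -> str:
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self.key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return f"{header}.{body}.{_b64(sig)}"

    def _verify(self, token: str, resource: str) -> dict:
        """Reject a forged signature, a replayed token, or a token locked to another resource."""
        header, body, sig = token.split(".")
        expected = hmac.new(self.key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise ValueError("bad signature")
        if token in self.used_tokens:
            raise ValueError("token replayed")
        claims = json.loads(_unb64(body))
        if claims.get("resource") != resource:
            raise ValueError("token locked to a different resource")
        self.used_tokens.add(token)
        return claims

    def receive_m11(self, m11: dict) -> dict:
        """S401/S402: store first sensitive info + redirect URL; answer with the session id in the first token."""
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"first_info": m11["first_sensitive_info"],
                              "redirect": m11["redirect_url"], "state": "open"}
        return {"first_token": self._sign({"sid": sid, "resource": "session"})}

    def serve_page(self, first_token: str) -> dict:
        """S404: the user device presents the first token; serve the page with a second token for submission."""
        sid = self._verify(first_token, "session")["sid"]
        self.sessions[sid]["state"] = "page_served"
        return {"page": "/data-entry", "second_token": self._sign({"sid": sid, "resource": "submit"})}

    def receive_m15(self, m15: dict, validator) -> dict:
        """S405/S406: verify the second token, validate the submitted data, associate, then redirect (M17)."""
        sid = self._verify(m15["second_token"], "submit")["sid"]
        sess = self.sessions[sid]
        if sess["state"] != "page_served":
            raise ValueError("submission out of order")
        if not validator(m15["second_sensitive_info"]["payment_card_id"]):
            raise ValueError("second sensitive information failed validation")
        self.records[sid] = {"first": sess["first_info"], "second": m15["second_sensitive_info"]}
        sess["state"] = "linked"
        return {"redirect_url": sess["redirect"]}


def luhn_ok(pan: str) -> bool:
    """Stand-in for the 'account validating entity': a Luhn check on the card number."""
    digits = [int(c) for c in pan if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return len(digits) >= 12 and total % 10 == 0


def run_linking() -> dict:
    """Drive M11..M17 end to end; also show that replaying the consumed second token is refused."""
    first = FirstServer()
    # M11: the second (loyalty) server sends first sensitive info directly; the user device never sees it.
    m11 = {"first_sensitive_info": {"loyalty_card_id": "67832"},      # constructed sample values
           "redirect_url": "https://loyalty.example/linked"}
    m12 = first.receive_m11(m11)
    # M13: the second server forwards the first token and the page URL to the user device.
    m13 = {"url": "https://payments.example/data-entry", "first_token": m12["first_token"]}
    m14 = first.serve_page(m13["first_token"])                          # M14: page + second token
    m15 = {"second_token": m14["second_token"],                        # M15: submitted via the page
           "second_sensitive_info": {"payment_card_id": "4111111111111111"}}
    m17 = first.receive_m15(m15, luhn_ok)
    try:
        first.receive_m15(m15, luhn_ok)      # replay of the one-time token
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"record": first.records[next(iter(first.records))],
            "redirect": m17["redirect_url"], "replay_rejected": replay_rejected}
```

The second server and user device are represented only by the messages they send, since the point of the exchange is what the first server must check before it links the two pieces of information: each token is accepted once, only for the resource it was issued for, and a submission is accepted only for a session whose page was actually served.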
- FIG. 5 shows the user device 130 .
- the user device 130 may be running a web browser 132 that accesses a webpage hosted by the second server computer 120 to initiate a data linking process at step S 401 of FIG. 4 .
- the web browser 132 may also access a data entry page 134 hosted by the first server computer 110 at step S 404 of FIG. 4 .
- the web browser 132 accesses the data entry page 134 by providing a session identifier to the first server computer 110 , where the session identifier was received from the first server computer 110 via the second server computer 120 at step S 403 of FIG. 4 .
- the web browser 132 may subsequently access a web page associated with the re-direct URL provided to the user device 130 at step S 406 of FIG. 4 .
- the linked or associated sensitive information maintained by the first server computer 110 may be an association between different sources, such as an electronic wallet application executing on a user device and a loyalty scheme account of a loyalty scheme provider, and used to process transactions involving the user device.
- FIG. 6 shows the system 100 of FIG. 1 and a flow of communications transferred between the component parts of the system 100 as part of a process of using linked data, according to an example.
- system 100 is communicatively coupled to a merchant point-of-sale (POS) device 150 .
- POS device 150 is associated with a merchant that provides goods and/or services, or access thereto, to a user based on a transaction.
- the user device 130 provides sensitive information to the POS device 150 .
- the sensitive information comprises payment card details or details of a payment account.
- the POS device 150 communicates the sensitive information and corresponding transaction data to the first server computer 110 .
- the corresponding transaction data comprises a transaction amount.
- the POS device 150 is in communication with another computing entity that processes the payment and/or transaction data before forwarding it on to the first server computer 110 .
- the first server computer 110 maintains a database 700 ( FIG. 7 ) containing sensitive information for a plurality of users that each have an account with the first server computer 110 .
- the database 700 has five columns: Record ID; Surname; Loyalty card ID; Payment card ID; and Account number, and maintains a plurality of records 730 , each corresponding to a respective user.
- the loyalty card ID column contains the first sensitive information 710 previously provided to the first server computer 110 by the second server computer 120 as part of a data linking process (described in relation to FIGS. 1 - 5 ).
- the Payment card ID and the Account number columns contain the second sensitive information 720 previously provided to the first server computer 110 by the user device 130 as part of the data linking process (described in relation to FIGS. 1 - 5 ).
- based on the sensitive information received at step S 601 , such as payment card details or details of a payment account, the first server computer 110 identifies a record of the plurality of records in the database 700 associated with the user device 130 .
- the sensitive information comprises a payment card identifier “3003”. Accordingly, the identifier “3003” is used as the basis for a search within the database 700 . A search based on “3003” would identify the record with record ID “3” in the database 700 .
- the first server computer 110 proceeds to retrieve other sensitive information, such as the loyalty card ID number “67832”, that was previously associated with the received sensitive information “3003” in a data linking process from the identified record “3”, where at least some of the other sensitive information was previously provided by the second server computer 120 in accordance with steps 301 and 401 described above.
- the first server computer 110 communicates the transaction data and at least some of the sensitive information, including at least the loyalty card ID “67832” within the identified record “3” to the second server computer 120 with which the user of the user device 130 has an account.
- the second server computer 120 identifies the user's account using the loyalty card ID “67832” and updates the user's account based on the transaction data.
- the second server computer 120 sends a communication to the user device 130 notifying the user that their account with the second server computer 120 has been updated based on the transaction.
- the first server computer 110 may be queried, for example by the second server computer 120 , to retrieve details of the association between an account maintained by the second server computer 120 and one or more maintained by the first server computer 110 .
- the system 100 described in relation to FIGS. 1 - 7 may have particular application in a transaction system where the first server computer 110 is a payment processing server and the second server computer 120 is a loyalty scheme server.
- the payment processing server 110 may comprise a transaction service provider and/or an issuer server, or be in communication therewith, to process transaction and payment data to enable a transaction between a user and a merchant to be authorized and completed.
- the loyalty scheme server 120 maintains loyalty accounts for a plurality of users and updates the status of each account based on and in response to transactions that the respective users carry out at merchant locations, for example, at a merchant's POS device, which may be in a store or implemented as software on the merchant's website. As such, the loyalty scheme server 120 and the payment processing server 110 have a shared interest in user transactions.
- the payment processing server 110 receives sensitive information relating to a user from the loyalty scheme server 120 (for example, a loyalty scheme identifier) and the user device 130 (for example, payment card details) and defines an association between the two and thus, a user's loyalty account, for which a user may have a physical or an electronic loyalty account card, and a user's payment account, for which the user may have a physical or an electronic payment card. Accordingly, the association between the user's loyalty account and the user's payment account would be understood to be an association between the user's loyalty account card and the user's payment account card.
- a user may link multiple payment cards to a single loyalty account card by repeating the methods described in relation to FIGS. 3 and 4 .
- the database would contain a single “Loyalty card ID” column and multiple “Payment card ID” columns, such as “1 st Payment card ID”, “2nd Payment card ID”, etc.
- transaction data may be monitored and passed directly from the payment processing server 110 to the loyalty scheme server 120 so that a user account maintained by the loyalty scheme server 120 can be updated, without requiring user intervention or further communications with the user device 130 , when the payment processing server 110 is processing a transaction.
- the user is not required to separately interact with the merchant's POS device 150 using their loyalty account card and their payment account card. Rather, a single interaction between the POS device 150 and the user's payment account card facilitates the updating of the user's loyalty account, which simplifies the transaction system 100 and interactions thereof, as described above.
- the transaction data may be sent to the loyalty scheme provider 120 with the sensitive information (for example, the loyalty account identifier or a corresponding loyalty card number) previously received by the loyalty scheme server 120 to enable the loyalty scheme provider 120 to identify the relevant user account.
- the transaction data may include one or more of the following: a unique payment account or card identifier; an authentication code; a transaction identifier; a transaction amount; a transaction currency; a transaction date and time; a merchant descriptor name; and a merchant identifier.
- the loyalty scheme server 120 analyses the transaction data to determine any updates to be made to a corresponding user account. This analysis may comprise comparing the transaction data to data relating to the merchant, either stored by the loyalty scheme server 120 , or provided by the merchant's POS device 150 , to determine the eligibility of the transaction data for being the basis on which an update to a user's loyalty account is made.
- the loyalty scheme provider may update a user account by incrementing a counter value based on received transaction data. For instance, a number of points may be awarded to a user's loyalty account based on a monetary value of a transaction.
- The transaction system 100 enables the loyalty scheme server 120 to receive details of transactions from the payment processing server 110 without the loyalty scheme server itself needing to become PCI DSS (Payment Card Industry Data Security Standard) compliant. That holds only if the data passed at step S603 contains no cardholder data: a loyalty card ID together with transaction data such as amount, currency, time and merchant identifier keeps the loyalty scheme server out of scope, whereas forwarding a primary account number alongside them would bring it back in.
- the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice.
- the program may be in the form of non-transitory source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other non-transitory form suitable for use in the implementation of processes according to the invention.
- the carrier may be any entity or device capable of carrying the program.
- the carrier may comprise a storage medium, such as a solid-state drive (SSD) or other semiconductor-based memory; a ROM, for example a CD ROM or a semiconductor ROM; a magnetic recording medium, for example a floppy disk or hard disk; optical memory devices in general; etc.
Abstract
Disclosed herein is a computer-implemented method of managing sensitive information and the communication thereof. The method comprising: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information. The first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.
Description
- The present application relates to managing communications of a networked system and, more specifically, to a server computer and a method for managing the transfer of sensitive information between multiple entities within such a system.
- As technologies advance, the number of cashless transactions being carried out is ever increasing, which results in an increasing amount of data associated with such transactions being transferred across payment networks, often including several different entities. Typical transaction systems that are part of such payment networks allow a user to make a payment using a payment card or a computing device by obtaining information from the card or device and communicating details of the transaction and the obtained information to an entity within the system, such as a payment service provider, for further processing.
- Certain transaction systems comprise a third party, with which the user has an account and to which communications regarding the transaction are exchanged in order to update a status of the user's account based on the details of the transaction.
- It would be advantageous to improve a transaction system that exchanges a plurality of communications relating to a transaction. In addition, it would be advantageous to increase the security of the communications sent to third parties within a transaction system.
- According to a first aspect of the present disclosure there is provided a computer implemented method. The method comprising: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information. The first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.
- According to a second aspect of the present disclosure there is provided a server computer comprising: a processor; and a computer readable medium configured to store executable instructions, wherein the server computer is configured to communicate with a user device and a second server computer, and the processor is configured to execute the stored executable instructions to: receive, from the second server computer via a first communication channel, first sensitive information relating to a user having an account with the second server; receive, from the user device, second sensitive data associated with the user, wherein the second sensitive information is different to the first sensitive information; receive, from the user device via a second, different communication channel, second sensitive information via the data entry page; and associate the first sensitive information with the second sensitive information.
- According to a third aspect of the present disclosure there is provided a system comprising a client computer, a first server and a second server, wherein the first server is configured to: interact with the second server and the client computer via respective data transfer channels; receive, from the second server via the respective data transfer channel, first sensitive information relating to a user having an account with the second server and associated with the client computer; provide a data entry page accessible by the client computer; receive, from the client computer via the respective data transfer channel, second sensitive information associated with the user via the data entry page, wherein the second sensitive information is different to the first sensitive information; and link the first sensitive information with the second sensitive information; wherein the client computer is configured to: access the data entry page to allow the user to input the second sensitive information into the data entry page; and provide the second sensitive information to the first server via the respective data transfer channel; wherein the second server is configured to: identify the account of the user; retrieve the first sensitive information relating to the user using the identified account; and send the first sensitive information to the first server via the respective data transfer channel.
- Various features of the present disclosure will be apparent from the detailed description which follows, taken in conjunction with the accompanying drawings, which together illustrate features of the present disclosure, and wherein:
- FIG. 1 is a schematic diagram of a transaction system, according to an example.
- FIG. 2 is a schematic diagram of a first server computer, according to an example.
- FIG. 3 is a schematic diagram of the transaction system of FIG. 1, according to an example.
- FIG. 4 is a schematic diagram of the transaction system of FIG. 1, according to an example.
- FIG. 5 is a schematic diagram of a user device, according to an example.
- FIG. 6 is a schematic diagram of a transaction system, according to an example.
- FIG. 7 is a schematic representation of a database stored by a first server computer, according to an example.
- FIG. 1 shows a transaction system 100 to which embodiments described herein have particular application.
- The transaction system 100 comprises a first server computer 110, a second server computer 120 and a user device 130. The first server computer 110 and the second server computer 120 communicate via a first communication channel 210. The first server computer 110 and the user device 130 communicate via a second communication channel 220. In one example, the first server computer 110 and the second server computer 120 may receive, process, and maintain information relating to a user of the user device 130 and any transactions carried out using the same. The first and second communication channels
- The user device 130 may be a client computer associated with a user, or a portable electronic device such as a smartphone, a smartwatch, a wearable device, or a tablet computer. The user device 130 may execute a software application, such as an electronic mobile wallet application storing payment data relating to the user, that enables the user to carry out transactions using the device.
- FIG. 2 shows the first server computer 110 to which embodiments described herein have particular application. The first server computer 110 comprises a communication interface 111, a memory 112, and a processor 113. The communication interface 111 receives and transmits communications via the first and second communication channels 210 and 220 (FIG. 1) to thereby interact with the second server computer 120 and the user device 130. The communication interface 111 is coupled to the memory 112 and the processor 113 and forwards any received communications to the processor 113 via an internal bus (not shown). The memory 112 is coupled to the processor 113 and stores computer-readable instructions 114 that are executable by the processor 113 to cause the first server computer 110 to perform one or more processes. As an example, the processor 113 may execute computer-readable instructions of one or more software applications.
- In one example, a user associated with the user device 130 may have an account with the second server computer 120. For example, the second server computer 120 may provide a service to the user and maintain a record for the user, where the record contains sensitive information relating to the user. In one example, the sensitive information may be a user's name, address, date of birth, account identifier, and historical transaction data. In addition, a user associated with the user device 130 may have one or more other accounts with the first server computer 110. For instance, the first server computer 110 may host services that are accessible by the user device 130 and maintain a record per service for the user, where the record contains sensitive information relating to the user. In one example, the sensitive information may be payment information comprising payment card details (such as a primary account number (PAN), a card identifier, digits from a card number and a card security code), payment account details of the user (such as a bank name and an account number), and historical payment data for the user.
- In one example, the system 100 may perform a data linking process for the user using the first and second communication channels, as described in relation to FIG. 3 below. As a result of such a data linking process, an association may be defined between different sensitive information of the user, originating from different sources, which can be utilized by other processes, described in more detail in relation to FIG. 6.
- FIG. 3 shows the system 100 of FIG. 1 and a flow of communications exchanged between the component parts of the system 100 as part of a data linking process, according to an example.
- At step S301, the first server computer 110 receives a first message M1 containing first sensitive information from the second server computer 120. The first sensitive information relates to a user who has an account with the second server computer 120.
- At step S302, the first server computer 110 receives a second message M2 containing second sensitive information from the user device 130. The second sensitive information is received via a data entry page hosted by the first server computer 110 and is communicated to the first server computer 110 through that page. The data entry page is configured to receive second sensitive data associated with the user. The second sensitive information is different from the first sensitive information. In one example, after receiving the second sensitive information, the first server computer 110 may validate the second sensitive information before the second sensitive information is associated with the first sensitive information.
- In some examples, step S301 may be triggered by the user device 130 accessing a webpage h hosted by the second server computer 120, for example accessing a user account as a result of a user interacting with the user device 130 and navigating to their account using a web browser on the device 130. In some instances, step S301 may be triggered without user involvement, for example by the user device 130 connecting to a network associated with the second server computer 120, such as a Wi-Fi network.
- After step S302, the first server computer 110 associates the first sensitive information with the second sensitive information within a database (FIG. 7) that the first server computer 110 maintains. For example, the association of the first and second sensitive information may be the storing of the first and second information with the same user identifier, the storing of both the first and second information within a single record maintained by the first server computer 110 and associated with the user, or the storing of the first and second sensitive information in separate records that include a pointer to one another. In each example, any future access request specifying a common user identifier, or identifying one of the first and second sensitive information, such as a read request to the or each record, could result in retrieval, or at least identification, of both the first and the second sensitive information.
- In one example, the process described in relation to FIG. 3 may be repeated in order to link further sensitive information with the first sensitive information in a many-to-one relationship.
- The use of different communication channels for sending the respective sensitive information enables the different sensitive information to be securely received at a single location, the first server computer 110, from different sources: in this example the second server computer 120 and the user device 130. In particular, this is because (i) the first sensitive information is communicated directly to the first server computer 110 from the second server computer 120 and is not shared with the user device 130, and (ii) the second sensitive information is communicated directly to the first server computer 110 from the user device 130 and is not shared with the second server computer 120. Consequently, the number of separate communications containing sensitive information is reduced compared to a system that does not have two different and direct communication channels between a source of information and a target for the information. This increases the security and the efficiency of the system 100.
- In addition, the amount of sensitive information per communication is reduced, which increases security because if any one communication is intercepted by an unauthorized third party, only a single piece of sensitive information will be compromised. Each channel still has to be protected in its own right, for example with HTTPS as noted in relation to FIG. 4; the split limits what a single compromised channel exposes rather than making interception harmless.
- Moreover, because of the association between the first and second sensitive information and the direct communication between the first and second server computers 110 and 120, a process at the second server computer 120 using the first sensitive information can be automatically initiated by another process carried out by the first server computer 110 using the second sensitive information, and vice versa. In addition, the association means there is no need to provide the first or second sensitive information to the first server computer 110 in order to initiate any subsequent processes using the respective information, because the first server already stores the association and the first and second sensitive information.
- Furthermore, the direct communication 210 between the second server computer 120 and the first server computer 110 has the effect that the user device 130 is not involved in generating the first sensitive information or providing the first sensitive information to the first server computer 110. In this way, the user device is not involved with the first sensitive information, which: (i) eliminates the risk of erroneous input of the information at the user device 130 (so increases the reliability of the information); and (ii) avoids storing the first sensitive information on the user device 130, where, for example, a browser operating on the user device 130 may retain such sensitive information in its browser history or web log, which are considered insecure. In addition, the number of communications containing the first sensitive information is reduced, thus reducing the risk of interception of the first sensitive information.
- FIG. 4 shows the system 100 of FIG. 1 and a flow of communications between the component parts of the system 100, according to an example. FIG. 4 provides further detail to the example of FIG. 3.
- As for step S301, at step S401 the first server computer 110 receives a first message M11 comprising first sensitive information from the second server computer 120, where the first sensitive information relates to a user having an account with the second server computer 120. In one example, the second server computer 120 maintains a database comprising information relating to a plurality of users. Each of the users may have an account, such as an online account, with the second server computer 120, whereby the user has previously provided particular information to the second server computer 120 and is provided with a service, and the provided information is stored within a record of the database corresponding to their account. The second server computer 120 may store information relating to each user in corresponding record(s) of the database to facilitate access to an account of a user to obtain first sensitive information. In one example, the second server computer 120 may search its database using an identifier associated with a user in order to locate corresponding account information. The user device 130 may provide the identifier to the second server computer 120. In some examples, the message M11 also contains a re-direct URL, generated by the second server computer 120, to be forwarded to the user device at a later point in time (step S406).
- At step S402, the first server computer 110 generates and transmits a second message M12 comprising a session identifier to the second server computer 120. In some examples, the second message M12 may be embedded within a first token. The first token may be used as a replacement or substitute for the session identifier.
- At step S403, the second server computer 120 generates a third message M13 that forwards the session identifier and a URL for a data entry page associated with the session identifier to the user device 130. The URL is generated by the second server computer 120 and is specific to the user of the user device 130, to allow the second server computer 120 to identify which user is the subject of any communication sent to the URL. The second server computer 120 may use the first token to provide the session identifier to the user device 130. For example, the session identifier may be embedded within or appended to the first token. The URL and the session identifier enable the user device to access the corresponding data entry page hosted by the first server computer 110 and to provide second sensitive information to the first server computer 110 via the data entry page.
- At step S404, in response to receiving a request using the URL and the session identifier from the user device 130, the first server computer 110 may serve, for example, a web data entry page to a browser on the user device 130, included in a fourth message M14. In some examples, the data entry page is opened as an iframe within the browser. In some examples, the first server computer 110 transmits a second token with the data entry page, where the first and second tokens are different. The second token may be used to submit data into the data entry page.
- The use of first and second tokens provides another way of verifying the integrity of received data: a modified token fails signature verification, so a communication that was tampered with in transit is identified when the token is checked. In one example, the first and second tokens may be JSON Web Tokens (JWTs) that are one-time use tokens and locked to a particular resource, which, in the example of FIG. 4, is the session identifier for the first token and the submitted data for the second token. The JWT may be present in the header of an HTTPS request between the respective entities of the system 100 and used to verify the source of the data or message that the JWT accompanies. In one example the JWT is signed using an asymmetric algorithm, such as RS256 (RSASSA-PKCS1-v1_5 with SHA-256). Note that a valid signature proves only that the token was issued by the holder of the signing key and has not been modified; it is the one-time-use and resource-locking checks that stop an unmodified token from being replayed or presented for a different purpose.
- At step S405, the first server computer 110 receives a fifth message M15 that comprises the second token, which carries the session identifier, and the second sensitive information from the user device 130 via the data entry page. The session identifier provides a way for the user device 130 to show the first server computer 110 that the second sensitive information is sent by the user device 130 to which the session was issued. The first server computer 110 validates the second sensitive information, in some examples by forwarding the second sensitive information to an account validating entity.
- After the second sensitive information is validated, the first server computer 110 associates the second sensitive information with the first sensitive information.
- At step S406, the first server computer 110 provides the re-direct URL to the user device 130 in a seventh message M17. The re-direct URL causes the browser of the user device 130 to automatically access a webpage associated with the second server computer 120 and identified by the re-direct URL.
- In one example, the process described in relation to FIG. 4 may be repeated with other server computers in direct communication with the first server computer 110, so that the first server computer 110 links other sensitive information received from the respective other servers with the second sensitive information. As such, the second sensitive information may be linked with information provided by multiple sources and thus be in a many-to-one relationship. Consequently, an access request for the second sensitive information submitted to a database of the first server computer 110 could return some or all sensitive information previously associated with the second sensitive information by the first server computer 110.
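The FIG. 4 exchange and the token checks described above, as an added example; this is not code from the patent or from any product it describes. It is written in Go against the standard library only. The first server signs both tokens with RS256 (RSASSA-PKCS1-v1_5 over SHA-256), verifies them with the algorithm pinned rather than read from the token header, locks each token to its resource through an audience claim, and enforces one-time use with a nonce. The claim names (Sid, Aud, Jti), the resource labels "data-entry-page" and "submit", the loyalty ID 67832 (taken from FIG. 7) and the card number 4111111111111111 are this example's assumptions. Two deliberate simplifications: the second token is locked to the submit action for the session rather than to the submitted data itself, which does not exist when the token is issued; and a shape check on the card number stands in for the account validating entity, with the re-direct URL of step S406 left out. The second server and the user device appear only as the order in which the first server's functions are called; with RS256 they could verify the first server's signature with its public key, but only the first server's own checks are shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Token claims (names assumed): Sid = session identifier, Aud = resource the token is locked to, Jti = one-time-use nonce.
type claims struct{ Sid, Aud, Jti string }

func nonce() string { b := make([]byte, 16); rand.Read(b); return fmt.Sprintf("%x", b) }

// signRS256 builds a compact JWT signed with RSASSA-PKCS1-v1_5 over SHA-256, RFC 7518's "RS256".
func signRS256(key *rsa.PrivateKey, c claims) string {
	body, _ := json.Marshal(c)
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return input + "." + enc.EncodeToString(sig)
}

// verifyRS256 pins the algorithm instead of trusting the token header, which rules out "alg":"none" and key-confusion downgrades.
func verifyRS256(pub *rsa.PublicKey, token string) (c claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	body, e1 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, e2 := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if e1 != nil || e2 != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return c, errors.New("bad signature")
	}
	err = json.Unmarshal(body, &c)
	return c, err
}

// State of the first server computer 110 (package-level to keep the example short).
var serverKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var pending, links = map[string]string{}, map[string]string{} // session id -> loyalty ID; card number -> loyalty ID (FIG. 7)
var used = map[string]bool{}                                  // consumed Jti values

// consume verifies a token, checks the resource it is locked to and rejects replays.
func consume(token, aud string) (claims, error) {
	c, err := verifyRS256(&serverKey.PublicKey, token)
	if err == nil && (c.Aud != aud || used[c.Jti]) {
		err = errors.New("token locked to another resource or already used")
	}
	if err == nil {
		used[c.Jti] = true
	}
	return c, err
}

// S401/S402: loyalty ID in from the second server (M11), first token out (M12), locked to fetching the page.
func startLinking(loyaltyID string) string {
	sid := nonce()
	pending[sid] = loyaltyID
	return signRS256(serverKey, claims{sid, "data-entry-page", nonce()})
}

// S403/S404: the device presents the first token it received via the second server (M13) and gets the second token with the page (M14).
func serveDataEntryPage(firstToken string) (string, error) {
	c, err := consume(firstToken, "data-entry-page")
	if err != nil {
		return "", err
	}
	return signRS256(serverKey, claims{c.Sid, "submit", nonce()}), nil
}

// S405: a shape check stands in for the account validating entity; the card number is then linked to the session's loyalty ID.
func submit(secondToken, cardNumber string) error {
	c, err := consume(secondToken, "submit")
	if err != nil {
		return err
	}
	loyaltyID, ok := pending[c.Sid]
	if !ok || len(cardNumber) < 12 || strings.Trim(cardNumber, "0123456789") != "" {
		return errors.New("unknown session or invalid card number")
	}
	delete(pending, c.Sid) // the session is single-use, like the tokens
	links[cardNumber] = loyaltyID
	return nil
}

func main() {
	second, err := serveDataEntryPage(startLinking("67832")) // channel 210, then channel 220
	fmt.Println(err, submit(second, "4111111111111111"), links)
}
```

Two design points worth noticing. The nonce is marked as used before the card number is validated, so a submission that fails validation burns the second token and the flow has to be restarted from the second server; that is the safer failure mode, because a token that survives a rejected submission is a token an attacker can keep trying with. And `verifyRS256` never reads `alg` from the token: accepting whatever algorithm the header names is the classic JWT mistake that lets a forger present an unsigned token or an HMAC computed with the server's public key.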
- FIG. 5 shows the user device 130. The user device 130 may be running a web browser 132 that accesses a webpage hosted by the second server computer 120 to initiate a data linking process at step S401 of FIG. 4. The web browser 132 may also access a data entry page 134 hosted by the first server computer 110 at step S404 of FIG. 4. The web browser 132 accesses the data entry page 134 by providing a session identifier to the first server computer 110, where the session identifier was received from the first server computer 110 via the second server computer 120 at step S403 of FIG. 4. The web browser 132 may subsequently access a web page associated with the re-direct URL provided to the user device 130 at step S406 of FIG. 4.
- In some examples, the linked or associated sensitive information maintained by the first server computer 110 may be an association between different sources, such as an electronic wallet application executing on a user device and a loyalty scheme account of a loyalty scheme provider, and used to process transactions involving the user device.
- FIG. 6 shows the system 100 of FIG. 1 and a flow of communications transferred between the component parts of the system 100 as part of a process of using linked data, according to an example.
- In this example, the system 100 is communicatively coupled to a merchant point-of-sale (POS) device 150. The POS device 150 is associated with a merchant that provides goods and/or services, or access thereto, to a user based on a transaction.
- To initiate such a transaction, at step S601, the user device 130, such as a mobile phone executing an electronic wallet application, provides sensitive information to the POS device 150. In one example, the sensitive information comprises payment card details or details of a payment account. At step S602, the POS device 150 communicates the sensitive information and corresponding transaction data to the first server computer 110. In one example, the corresponding transaction data comprises a transaction amount. In one example, the POS device 150 is in communication with another computing entity that processes the payment and/or transaction data before forwarding it on to the first server computer 110.
- The first server computer 110 maintains a database 700 (FIG. 7) containing sensitive information for a plurality of users that each have an account with the first server computer 110.
- In the example of FIG. 7, the database 700 has five columns: Record ID; Surname; Loyalty card ID; Payment card ID; and Account number, and maintains a plurality of records 730, each corresponding to a respective user. The Loyalty card ID column contains the first sensitive information 710 previously provided to the first server computer 110 by the second server computer 120 as part of a data linking process (described in relation to FIGS. 1-5). The Payment card ID and the Account number columns contain the second sensitive information 720 previously provided to the first server computer 110 by the user device 130 as part of the data linking process (described in relation to FIGS. 1-5).
- Based on the sensitive information received at step S601, such as payment card details or details of a payment account, the first server computer 110 identifies a record of the plurality of records in the database 700 associated with the user device 130. In this example, the sensitive information comprises a payment card identifier "3003". Accordingly, the identifier "3003" is used as the basis for a search within the database 700. A search based on "3003" would identify the record with record ID "3" in the database 700. The first server computer 110 proceeds to retrieve other sensitive information from the identified record "3", such as the loyalty card ID number "67832" that was previously associated with the received sensitive information "3003" in a data linking process, where at least some of the other sensitive information was previously provided by the second server computer 120 in accordance with steps S301 and S401 described above.
- Returning to FIG. 6, at step S603, the first server computer 110 communicates the transaction data and at least some of the sensitive information, including at least the loyalty card ID "67832" within the identified record "3", to the second server computer 120 with which the user of the user device 130 has an account. The second server computer 120 identifies the user's account using the loyalty card ID "67832" and updates the user's account based on the transaction data.
- In some examples, after step S603, the second server computer 120 sends a communication to the user device 130 notifying the user that their account with the second server computer 120 has been updated based on the transaction.
- In other examples, the first server computer 110 may be queried, for example by the second server computer 120, to retrieve details of the association between an account maintained by the second server computer 120 and one or more maintained by the first server computer 110.
- The system 100 described in relation to FIGS. 1-7 may have particular application in a transaction system where the first server computer 110 is a payment processing server and the second server computer 120 is a loyalty scheme server. The payment processing server 110 may comprise a transaction service provider and/or an issuer server, or be in communication therewith, to process transaction and payment data to enable a transaction between a user and a merchant to be authorized and completed. The loyalty scheme server 120 maintains loyalty accounts for a plurality of users and updates the status of each account based on and in response to transactions that the respective users carry out at merchant locations, for example at a merchant's POS device, which may be in a store or implemented as software on the merchant's website. As such, the loyalty scheme server 120 and the payment processing server 110 have a shared interest in user transactions.
- As described above, different sensitive information relating to a user and received from different sources may be linked or associated with one another. In the aforementioned transaction system example, the payment processing server 110 receives sensitive information relating to a user from the loyalty scheme server 120 (for example, a loyalty scheme identifier) and from the user device 130 (for example, payment card details) and defines an association between the two, and thus between a user's loyalty account, for which a user may have a physical or an electronic loyalty account card, and a user's payment account, for which the user may have a physical or an electronic payment card. Accordingly, the association between the user's loyalty account and the user's payment account would be understood to be an association between the user's loyalty account card and the user's payment account card. In one example, a user may link multiple payment cards to a single loyalty account card by repeating the methods described in relation to FIGS. 3 and 4. In such a scenario, in the example of FIG. 7 the database would contain a single "Loyalty card ID" column and multiple "Payment card ID" columns, such as "1st Payment card ID", "2nd Payment card ID", etc.
- As described in relation to FIGS. 6 and 7, based on an association between different sensitive information relating to a single user, transaction data may be monitored and passed directly from the payment processing server 110 to the loyalty scheme server 120 so that a user account maintained by the loyalty scheme server 120 can be updated, without requiring user intervention or further communications with the user device 130, when the payment processing server 110 is processing a transaction. For instance, the user is not required to separately interact with the merchant's POS device 150 using their loyalty account card and their payment account card. Rather, a single interaction between the POS device 150 and the user's payment account card facilitates the updating of the user's loyalty account, which simplifies the transaction system 100 and interactions thereof, as described above.
- The transaction data may be sent to the loyalty scheme server 120 with the sensitive information (for example, the loyalty account identifier or a corresponding loyalty card number) previously received from the loyalty scheme server 120, to enable the loyalty scheme server 120 to identify the relevant user account. The transaction data may include one or more of the following: a unique payment account or card identifier; an authentication code; a transaction identifier; a transaction amount; a transaction currency; a transaction date and time; a merchant descriptor name; and a merchant identifier.
- The loyalty scheme server 120 analyses the transaction data to determine any updates to be made to a corresponding user account. This analysis may comprise comparing the transaction data to data relating to the merchant, either stored by the loyalty scheme server 120 or provided by the merchant's POS device 150, to determine the eligibility of the transaction data for being the basis on which an update to a user's loyalty account is made.
- In one example, the loyalty scheme provider may update a user account by incrementing a counter value based on received transaction data. For instance, a number of points may be awarded to a user's loyalty account based on a monetary value of a transaction.
- Fewer communications are used within the
transaction system 100 and thus, less sensitive information is communicated within the system, which means theloyalty scheme server 120, and thetransaction system 100 as a whole, operates in a much more efficient and secure way. In addition, in some examples theloyalty scheme server 120 may not comply with the Payment Card Industry Data Security Standard (PCI DSS), and thus may be referred to as being outside “PCI scope”. Accordingly, thetransaction system 100 enables theloyalty scheme server 120 to receive details on transactions from thepayment processing server 110 without needing to become PCI compliant. - In the preceding description, for purposes of explanation, numerous specific details of certain examples are set forth. Reference in the specification to “an example” or similar language means that a particular feature, structure, or characteristic described in connection with the example is included in at least that one example, but not necessarily in other examples.
- Although at least some aspects of the embodiments described herein with reference to the drawings comprise computer processes performed in processing systems or processors, the invention also extends to computer programs, particularly computer programs on or in a carrier, adapted for putting the invention into practice. The program may be in the form of non-transitory source code, object code, a code intermediate source and object code such as in partially compiled form, or in any other non-transitory form suitable for use in the implementation of processes according to the invention. The carrier may be any entity or device capable of carrying the program. For example, the carrier may comprise a storage medium, such as a solid-state drive (SSD) or other semiconductor-based RAM; a ROM, for example a CD ROM or a semiconductor ROM; a magnetic recording medium, for example a floppy disk or hard disk; optical memory devices in general; etc.
- The above examples are to be understood as illustrative. It is to be understood that any feature described in relation to any one example may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the examples, or any combination of any other of the examples. Furthermore, equivalents and modifications not described above may also be employed.
Claims (20)
1. A computer-implemented method comprising:
receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server;
receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive data associated with the user and the second sensitive information is different to the first sensitive information; and
associating, by the first server, the first sensitive information with the second sensitive information;
wherein the first server and the second server communicate via a first communication channel and the first server and the user device communicate via a second, different communication channel.
2. The computer-implemented method of claim 1, further comprising, in response to receiving the first sensitive information:
transmitting, by the first server to the second server, a session identifier, wherein the second server forwards the session identifier to the user device so that the user device can access the data entry page.
3. The computer-implemented method of claim 1, further comprising, in response to receiving the first sensitive data:
transmitting, by the first server to the second server, a first token with the session identifier.
4. The computer-implemented method of claim 3, further comprising:
providing, by the first server to the user device, a second token and the data entry page, wherein the second token is used to provide the second sensitive information to the first server.
5. The computer-implemented method of claim 4, wherein the first and second tokens are different tokens.
6. The computer-implemented method of claim 1, further comprising:
receiving, by the first server from the second server, a re-direct URL; and
providing, by the first server to the user device, the re-direct URL, such that a browser of the user device automatically accesses a resource associated with the second server using the re-direct URL after the second sensitive information has been inputted to the data entry page.
7. The computer-implemented method of claim 1, further comprising:
accessing, by the second server, the account of the user; and
obtaining the first sensitive information.
8. The computer-implemented method of claim 1, further comprising:
receiving, by the second server, an identifier of the user, wherein the identifier is associated with the account of the user.
9. A computer readable medium comprising instructions executable by a processor to cause the processor to perform the computer-implemented method of claim 1.
10. A server computer comprising:
a processor; and
a computer readable medium configured to store executable instructions,
wherein the server computer is configured to communicate with a user device and a second server computer, and the processor is configured to execute the stored executable instructions to:
receive, from the second server computer via a first communication channel, first sensitive information relating to a user having an account with the second server;
receive, from the user device, second sensitive data associated with the user, wherein the second sensitive information is different to the first sensitive information;
receive, from the user device via a second, different communication channel, second sensitive information via the data entry page; and
associate the first sensitive information with the second sensitive information.
11. The server computer of claim 10, configured to:
host a data entry page accessible by the user device and configured to receive the second sensitive data.
12. The server computer of claim 11, wherein the processor is configured to execute the stored executable instructions to:
transmit, to the second server computer via the first communication channel, a session identifier, wherein the second server computer forwards the session identifier to the user device so that the user device can access the data entry page.
13. The server computer of claim 10, wherein the processor is configured to execute the stored executable instructions to:
transmit, to the second server computer via the first communication channel, a first token with the session identifier.
14. The server computer of claim 13, wherein the processor is configured to execute the stored executable instructions to:
provide, to the user device via the second communication channel, a second token and the data entry page, wherein the second token is used to provide the second sensitive information to the server computer.
15. The server computer of claim 14, wherein the first and second tokens are different tokens.
16. The server computer of claim 12, wherein the processor is configured to execute the stored executable instructions to:
receive, from the second server computer via the first communication channel, a re-direct URL; and
provide, to the user device via the second communication channel, the re-direct URL, such that a browser of the user device automatically accesses a resource associated with the second server computer using the re-direct URL after the second sensitive information has been inputted to the data entry page.
17. A system comprising a client computer, a first server and a second server,
wherein the first server is configured to:
interact with the second server and the client computer via respective data transfer channels;
receive, from the second server via the respective data transfer channel, first sensitive information relating to a user having an account with the second server and associated with the client computer;
provide a data entry page accessible by the client computer;
receive, from the client computer via the respective data transfer channel, second sensitive information associated with the user via the data entry page, wherein the second sensitive information is different to the first sensitive information; and
link the first sensitive information with the second sensitive information;
wherein the client computer is configured to:
access the data entry page to allow the user to input the second sensitive information into the data entry page; and
provide the second sensitive information to the first server via the respective data transfer channel;
wherein the second server is configured to:
identify the account of the user;
retrieve the first sensitive information relating to the user using the identified account; and
send the first sensitive information to the first server via the respective data transfer channel.
18. The system of claim 17, wherein:
the first server is configured to:
send a session identifier to the second server via the respective data transfer channel; and
the second server is configured to:
forward the session identifier to the client computer; and
the client computer is configured to:
access the data entry page using the session identifier.
19. The system of claim 18, wherein:
the first server is configured to, in response to receiving the first sensitive data:
send a first token with the session identifier to the second server via the respective data transfer channel.
20. The system of claim 19, wherein:
the first server is configured to:
provide a second token to the client computer; and
the client computer is configured to:
use the second token to provide the second sensitive information to the first server.
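The two-channel linking flow of claims 1 to 5 and the transaction forwarding described in the preceding description, worked through as an added Python example (not code from the patent or its assignee). The class names, the session and token generation, the one-point-per-unit rule, the merchant eligibility set and the choice to forward no card identifier at all to the loyalty server are all assumptions made here; the transaction itself is constructed, as is the test card number.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class LoyaltyServer:
    """Second server (120): holds loyalty accounts and never handles card numbers."""
    points: dict = field(default_factory=dict)     # loyalty id -> points balance
    merchants: set = field(default_factory=set)    # merchants whose transactions earn points

    def receive_transaction(self, txn):
        if "pan" in txn:                           # defensive check: card data is outside this server's scope
            raise ValueError("loyalty server must not receive a card number")
        if txn["merchant_id"] in self.merchants:   # eligibility check; 1 point per unit of amount (assumed rule)
            self.points[txn["loyalty_id"]] += int(txn["amount"])
        return self.points[txn["loyalty_id"]]

@dataclass
class PaymentServer:
    """First server (110): hosts the data entry page and keeps the only copy of the link."""
    loyalty: LoyaltyServer
    sessions: dict = field(default_factory=dict)   # session id -> pending link state
    links: dict = field(default_factory=dict)      # card number -> loyalty id (the FIG. 7 table)

    def receive_loyalty_id(self, loyalty_id):
        # Channel 1 (loyalty server -> here): first sensitive info in, session id and first token out.
        sid, tok1 = secrets.token_urlsafe(8), secrets.token_urlsafe(16)
        self.sessions[sid] = {"loyalty_id": loyalty_id, "token1": tok1, "token2": None}
        return sid, tok1

    def data_entry_page(self, sid):
        # Channel 2 (user device -> here): serving the page issues a second, different token.
        self.sessions[sid]["token2"] = secrets.token_urlsafe(16)
        return self.sessions[sid]["token2"]

    def submit_card(self, sid, tok2, pan):
        # The user device posts the card number with the second token; link it to the loyalty id.
        s = self.sessions.get(sid)
        if s is None or s["token2"] is None or not secrets.compare_digest(tok2, s["token2"]):
            return False
        self.sessions.pop(sid)                     # one-shot session
        self.links[pan] = s["loyalty_id"]
        return True

    def process_transaction(self, pan, amount, currency, merchant_id):
        # On a card transaction, forward transaction data plus the loyalty id; the card number stays here.
        loyalty_id = self.links.get(pan)
        if loyalty_id is None:
            return None
        txn = {"loyalty_id": loyalty_id, "amount": amount, "currency": currency, "merchant_id": merchant_id}
        return self.loyalty.receive_transaction(txn)

def run_flow():
    # Constructed end-to-end run: link a card, then purchases at an eligible and a non-eligible merchant.
    loyalty = LoyaltyServer(points={"LOY-1001": 0}, merchants={"M-42"})
    pay = PaymentServer(loyalty)
    sid, tok1 = pay.receive_loyalty_id("LOY-1001")    # loyalty server forwards sid to the user device
    tok2 = pay.data_entry_page(sid)                   # user device opens the page with sid
    linked = pay.submit_card(sid, tok2, "4111111111111111")      # constructed test card number
    eligible = pay.process_transaction("4111111111111111", 25, "GBP", "M-42")
    other = pay.process_transaction("4111111111111111", 10, "GBP", "M-99")
    return linked, tok1 != tok2, eligible, other, sid in pay.sessions
```

`run_flow()` returns `(True, True, 25, 25, False)`: the link succeeds, the two tokens differ, only the eligible merchant's transaction earns points, and the session is consumed after one use.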
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2019/073772 WO2021043413A1 (en) | 2019-09-05 | 2019-09-05 | Managing communication of sensitive information |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220417223A1 (en) | 2022-12-29 |
Family
ID=68062891
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/640,515 Pending US20220417223A1 (en) | 2019-09-05 | 2019-09-05 | Managing Communication Of Sensitive Information |
Country Status (3)
Country | Link |
---|---|
US (1) | US20220417223A1 (en) |
CN (1) | CN114341911A (en) |
WO (1) | WO2021043413A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230109278A1 (en) * | 2021-10-01 | 2023-04-06 | Dell Products, L.P. | Scope-based access control system and method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9064376B1 (en) * | 2014-06-06 | 2015-06-23 | Aviel David Rubin | Utilization of multiple devices to secure online transactions |
US10897358B2 (en) * | 2015-07-07 | 2021-01-19 | Aducid S.R.O. | Method for mapping at least two authentication devices to a user account using an authentication server |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7318049B2 (en) * | 2000-11-17 | 2008-01-08 | Gregory Fx Iannacci | System and method for an automated benefit recognition, acquisition, value exchange, and transaction settlement system using multivariable linear and nonlinear modeling |
US10949870B2 (en) * | 2013-06-25 | 2021-03-16 | Brian Booth | Techniques for user-controlled real-time data processing |
US10853835B2 (en) * | 2016-01-04 | 2020-12-01 | Scvngr, Inc. | Payment system with item-level promotional campaigns redeemable automatically at point-of-sale devices |
US11144945B2 (en) * | 2017-12-07 | 2021-10-12 | Visa International Service Association | Method, system, and computer program product for communicating loyalty program identification data |
2019
- 2019-09-05 CN CN201980099947.3A patent/CN114341911A/en active Pending
- 2019-09-05 WO PCT/EP2019/073772 patent/WO2021043413A1/en active Application Filing
- 2019-09-05 US US17/640,515 patent/US20220417223A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
WO2021043413A1 (en) | 2021-03-11 |
CN114341911A (en) | 2022-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11949670B2 (en) | | Method and system for trustworthiness using digital certificates |
AU2021204210B2 (en) | | Method and system for validation of hashed data via acceptance frames |
CA3004423C (en) | | Method and system for use of a blockchain in a transaction processing network |
US11928679B2 (en) | | Method and system for authorization using a public ledger and encryption keys |
CN109716707B (en) | | Server apparatus and method for distributed electronic recording and transaction history |
US20190303942A1 (en) | | Fraud management using a distributed database |
AU2020203574A1 (en) | | Method and system for processing of a blockchain transaction in a transaction processing network |
US20190172067A1 (en) | | Method and system for risk scoring anonymized transactions |
US20180330342A1 (en) | | Digital asset account management |
US20180322489A1 (en) | | System and method for restricted transaction processing |
US20180181953A1 (en) | | Method and system for anonymous directed blockchain transaction |
US20170097996A1 (en) | | Systems and Methods for Privacy Preservation |
US20140164047A1 (en) | | Systems and methods for facilitating call request aggregation over a network |
US20170083914A1 (en) | | Method and system for managing authentication services customer data |
US20220417223A1 (en) | | Managing Communication Of Sensitive Information |
US20200204553A1 (en) | | Method, apparatus and computer program product for exchanging messages across a network |
US20230281653A1 (en) | | System and methods for soft credit approval using text redirect |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AS | Assignment | Owner name: VISA INTERNATIONAL SERVICE ASSOCIATION, CALIFORNIA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PRASAD, RANJIVA;KRAMER, DEAN;GANGWANI, VISHAL;AND OTHERS;SIGNING DATES FROM 20190710 TO 20190810;REEL/FRAME:059305/0617 |
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |